[gentoo-dev] Re: Improve the security of the default profile

On Sun, 8 Sep 2013 11:05:16 + (UTC) Martin Vaeth wrote: > Ryan Hill wrote: > > In any case this is a firm no. > > The increase in loading times for apps that link lots of libraries is > > significant (if it wasn't, we wouldn't need lazy loading :p). > You get the same delay for lazy linki

[gentoo-dev] Automated Package Removal and Addition Tracker, for the week ending 2013-09-08 23h59 UTC

The attached list notes all of the packages that were added or removed from the tree, for the week ending 2013-09-08 23h59 UTC. Removals: kde-misc/todo-list 2013-09-04 16:53:43 creffett dev-python/multiprocessing 2013-09-05 09:55:22 mgorny dev-python/turbo

[gentoo-dev] Re: Improve the security of the default profile

On Sat, 07 Sep 2013 19:08:57 -0400 "Rick \"Zero_Chaos\" Farina" wrote: > Personally I think this would be a great stepping stone. If we add > - -fstack-protector to 4.8.1 it will improve security (only a little I > know) and give us an idea of what issues we may have. After a short > enjoyment

Re: [gentoo-dev] [PATCH systemd.eclass] Introduce systemd_install_serviced().

On Sun, 8 Sep 2013 17:46:28 +0200 Michał Górny wrote: > > > suffix" + > > > + local INSDESTTREE > > > > I guess this is a leftover ? > > Nope. 'insinto' sets INSDESTTREE. Due to lack of proper scoping > support in bash, we need to localize this variable to restore previous > 'insinto' scope afte

[gentoo-dev] Re: About perl-5.18 unmasking

On 9/09/2013 02:40, Markos Chandras wrote: Moreover, I don't think raising this issue to the mailing list is appropriate as a first step. Based on the number of replies to -commits that end up on here, it's no surprise that it can appear appropriate to raise an issue like this here initially.

Re: [gentoo-dev] [PATCH systemd.eclass] Introduce systemd_install_serviced().

Dnia 2013-09-08, o godz. 17:14:54 Gilles Dartiguelongue napisał(a): > Le dimanche 08 septembre 2013 à 13:12 +0200, Michał Górny a écrit : > > This function can be used to install service configuration templates. > > Usage: > > > > systemd_install_serviced "${FILESDIR}"/foo.service.conf > > >

Re: [gentoo-dev] About perl-5.18 unmasking

On 8 September 2013 14:00, Mikle Kolyada wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi guys! > > Few days ago i was surprised, when i saw perl-5.18 unhardmasked. > So, i want ask here. > > > @Patrick, why you unmask it? You even not ack perl herd about it. It was > in the tree

Re: [gentoo-dev] [PATCH systemd.eclass] Introduce systemd_install_serviced().

El dom, 08-09-2013 a las 17:14 +0200, Gilles Dartiguelongue escribió: > Le dimanche 08 septembre 2013 à 13:12 +0200, Michał Górny a écrit : > > This function can be used to install service configuration templates. > > Usage: > > > > systemd_install_serviced "${FILESDIR}"/foo.service.conf > > >

Re: [gentoo-dev] [PATCH systemd.eclass] Introduce systemd_install_serviced().

Le dimanche 08 septembre 2013 à 13:12 +0200, Michał Górny a écrit : > This function can be used to install service configuration templates. > Usage: > > systemd_install_serviced "${FILESDIR}"/foo.service.conf > > or: > > systemd_install_serviced "${FILESDIR}"/barbaz foo.service > > with the

[gentoo-dev] Reference Implementation for GLEP RAP Draft

Dear all, We have just pushed out a reference implementation for GLEP RAP (i.e. Prefix with libc) draft: http://article.gmane.org/gmane.linux.gentoo.alt/6663 Hope this will help people grab the idea behind it and help the council review and decide on the GLEP draft[1]. At the moment, amd6

Re: [gentoo-dev] Re: Improve the security of the default profile

On Sat, Sep 07, 2013 at 07:12:04PM -0400, Rich Freeman wrote: > On Sat, Sep 7, 2013 at 7:08 PM, Rick "Zero_Chaos" Farina > wrote: > > Personally I'm using the hardened profile already and find the > > performance penalties negligible for a desktop user, and someone trying > > to run realtime on de

[gentoo-dev] About perl-5.18 unmasking

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi guys! Few days ago i was surprised, when i saw perl-5.18 unhardmasked. So, i want ask here. @Patrick, why you unmask it? You even not ack perl herd about it. It was in the tree about two weeks, too early for unmasking, furthermore, you added not

[gentoo-dev] Re: Improve the security of the default profile

Ryan Hill wrote: > Martin Vaeth wrote: >> > >> > * -fstack-protector{-all} >> > No thank you. -fstack-protector has very limited coverage >> >> I'd say it covers most cases where bugs can be made, [...] > > The numbers I've seen show a maximum of 5% coverage for code that has a > large number of

[gentoo-dev] [PATCH systemd.eclass] Introduce systemd_install_serviced().

This function can be used to install service configuration templates. Usage: systemd_install_serviced "${FILESDIR}"/foo.service.conf or: systemd_install_serviced "${FILESDIR}"/barbaz foo.service with the latter specifying related service name explicitly, former expecting it to match ${basen

[gentoo-dev] Re: Improve the security of the default profile

Ryan Hill wrote: > >> > * -Wl,-z,relro >> > Enabled by default since binutils 2.18 >> >> This gives its real impact on secutiry only when combined with >> >> * -Wl,-z,now >> >> The latter is not enabled by default AFAIK. > > That's a bit misleading. Immediate binding does allow the GOT to be made